Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.6.224 and prior contain a code injection vulnerability in the Direct Connections feature that allows malicious external model servers to execute arbitrary JavaScript in victim browsers via Server-Sent Event (SSE) execute events. This leads to authentication token theft, complete account takeover, and when chained with the Functions API, enables remote code execution on the backend server. The attack requires the victim to enable Direct Connections (disabled by default) and add the attacker's malicious model URL, achievable through social engineering of the admin and subsequent users. This issue is fixed in version 0.6.35.

INFO

Published Date :

2025-11-08T01:29:02.654Z

Last Modified :

2025-11-13T21:37:59.663Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-64496 vulnerability.

Vendors Products
Open-webui
  • Open-webui
Openwebui
  • Open Webui
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-64496.

URL Resource
https://github.com/open-webui/open-webui/commit/8af6a4cf21b756a66cd58378a01c60f74c39b7ca cve-icon cve-icon
https://github.com/open-webui/open-webui/security/advisories/GHSA-cm35-v4vp-5xvx cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact